[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Oct 8 21:11:08 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4c73413 by security tracker role at 2018-10-08T20:10:55Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2018-18067
+	RESERVED
+CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a ...)
+	TODO: check
+CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has ...)
+	TODO: check
+CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write during ...)
+	TODO: check
+CVE-2018-18063
+	RESERVED
+CVE-2018-18062
+	RESERVED
+CVE-2018-18061
+	RESERVED
+CVE-2018-18060
+	RESERVED
+CVE-2018-18059
+	RESERVED
+CVE-2018-18058
+	RESERVED
+CVE-2018-18057
+	RESERVED
+CVE-2018-18056
+	RESERVED
+CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0, 1.28.0, ...)
+	TODO: check
+CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper Input ...)
+	TODO: check
+CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0 ...)
+	TODO: check
+CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version ...)
+	TODO: check
+CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 ...)
+	TODO: check
+CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL ...)
+	TODO: check
+CVE-2018-1000803 (Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability ...)
+	TODO: check
 CVE-2018-18055
 	RESERVED
 CVE-2018-18054
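Review bot: CVE-2018-18066 and CVE-2018-18065 (Net-SNMP), CVE-2018-18064 (cairo), CVE-2018-1000808 and CVE-2018-1000807 (pyopenssl) and CVE-2018-1000805 (Paramiko) enter the list as bare "TODO: check" next to a run of RESERVED placeholders, although their descriptions name libraries and tools rather than vendor appliances. These are the entries in this block that most need a real triage result. Suggest resolving each to a source-package line with a fixed version; the two Net-SNMP descriptions already state "before 5.8", which gives a starting point.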
@@ -180,8 +218,8 @@ CVE-2018-17979
 	RESERVED
 CVE-2018-17978
 	RESERVED
-CVE-2018-17977
-	RESERVED
+CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM ...)
+	TODO: check
 CVE-2018-17976
 	RESERVED
 CVE-2018-17975
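Review bot: CVE-2018-17977 moves from RESERVED to "TODO: check" with a description that names only Linux kernel 4.14.67, and triage should not read that single version as the affected range. Suggest replacing the TODO with a "- linux" line once it is established which kernel versions carry the XFRM issue, in the form the CVE-2018-18021 entry in this same commit uses ("- linux 4.18.10-2").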
@@ -374,8 +412,8 @@ CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior ru
 	NOT-FOR-US: Carestream Vue RIS, RIS Client Builds
 CVE-2018-17890
 	RESERVED
-CVE-2018-17889
-	RESERVED
+CVE-2018-17889 (In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior ...)
+	TODO: check
 CVE-2018-17888
 	RESERVED
 CVE-2018-17887
@@ -387,6 +425,7 @@ CVE-2018-17885
 CVE-2018-17883
 	RESERVED
 CVE-2018-18021 (arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the ...)
+	{DSA-4313-1}
 	- linux 4.18.10-2
 	[jessie] - linux <ignored> (arm64 not supported in jessie LTS)
 	NOTE: https://git.kernel.org/linus/d26c25a9d19b5976b319af528886f89cf455692d
@@ -635,8 +674,8 @@ CVE-2018-17777
 	RESERVED
 CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for ...)
 	NOT-FOR-US: PCProtect Anti-Virus
-CVE-2018-17775
-	RESERVED
+CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for ...)
+	TODO: check
 CVE-2018-17774
 	RESERVED
 CVE-2018-17773
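Review bot: CVE-2018-17775 is left as "TODO: check" although the entry directly above it, CVE-2018-17776, has the same 'has "Everyone: (F)" permission for ...' description and is already marked "NOT-FOR-US: PCProtect Anti-Virus". If the full description confirms this is the same kind of report against Seqrite End Point Security, the matching resolution would be "NOT-FOR-US: Seqrite End Point Security", which keeps the two adjacent entries consistent.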
@@ -1338,14 +1377,14 @@ CVE-2018-17445
 	RESERVED
 CVE-2018-17444
 	RESERVED
-CVE-2018-17443
-	RESERVED
-CVE-2018-17442
-	RESERVED
-CVE-2018-17441
-	RESERVED
-CVE-2018-17440
-	RESERVED
+CVE-2018-17443 (An issue was discovered on D-Link Central WiFi Manager before v ...)
+	TODO: check
+CVE-2018-17442 (An issue was discovered on D-Link Central WiFi Manager before v ...)
+	TODO: check
+CVE-2018-17441 (An issue was discovered on D-Link Central WiFi Manager before v ...)
+	TODO: check
+CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before v ...)
+	TODO: check
 CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
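Review bot: CVE-2018-17443 through CVE-2018-17440 are added with four byte-identical truncated descriptions ("An issue was discovered on D-Link Central WiFi Manager before v ..."), so the list alone cannot tell a reader how the four issues differ. Triage has to work from the full CVE text; if all four turn out to be the same product, they should be resolved together with one consistent NOT-FOR-US line rather than one at a time.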
@@ -2235,8 +2274,8 @@ CVE-2018-17062 (An issue was discovered in SeaCMS 6.64. XSS exists in admin_vide
 	NOT-FOR-US: SeaCMS
 CVE-2018-17061 (BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, ...)
 	NOT-FOR-US: BullGuard Safe Browsing
-CVE-2018-17060
-	RESERVED
+CVE-2018-17060 (Telerik Extensions for ASP.NET MVC (all versions) does not whitelist ...)
+	TODO: check
 CVE-2018-17059
 	RESERVED
 CVE-2018-17058
@@ -2915,6 +2954,7 @@ CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from ...
 	NOT-FOR-US: EasyCMS
 CVE-2018-16758
 	RESERVED
+	{DSA-4312-1 DLA-1538-1}
 	- tinc 1.0.35-1
 	NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
 CVE-2018-16757
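Review bot: CVE-2018-16758 gains {DSA-4312-1 DLA-1538-1} while the entry still reads RESERVED, so the only description of what both advisories fix is the upstream commit link in the NOTE line. Suggest adding a short NOTE that summarises the issue until a published description replaces RESERVED, so the entry can be understood without following the link.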
@@ -2980,6 +3020,7 @@ CVE-2018-16739
 	RESERVED
 CVE-2018-16738
 	RESERVED
+	{DSA-4312-1}
 	- tinc 1.0.35-1
 	[jessie] - tinc <not-affected> (Only affects 1.0.30 to 1.0.34)
 	NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
@@ -2987,6 +3028,7 @@ CVE-2018-16738
 	NOTE: in place for the Sweet32 attack in tinc 1.0.30.
 CVE-2018-16737
 	RESERVED
+	{DLA-1538-1}
 	- tinc 1.0.31-1
 	NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
 CVE-2018-16736 (In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the ...)
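Review bot: CVE-2018-16737 receives only {DLA-1538-1}, and nothing in the entry says why no DSA is needed, even though its NOTE points at the same upstream commit (d3297fbd...) as CVE-2018-16738, which receives {DSA-4312-1}. The fixed version "- tinc 1.0.31-1" may explain it, but that is left for the reader to infer. Suggest stating the status of the release not covered by the DLA explicitly, in the way CVE-2018-16738 does for jessie with "[jessie] - tinc <not-affected> (Only affects 1.0.30 to 1.0.34)".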
@@ -4095,20 +4137,20 @@ CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory .
 	NOT-FOR-US: Wordpress plugin
 CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an ...)
 	NOT-FOR-US: MiniCMS
-CVE-2018-16297
-	RESERVED
-CVE-2018-16296
-	RESERVED
-CVE-2018-16295
-	RESERVED
-CVE-2018-16294
-	RESERVED
-CVE-2018-16293
-	RESERVED
-CVE-2018-16292
-	RESERVED
-CVE-2018-16291
-	RESERVED
+CVE-2018-16297 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
+CVE-2018-16296 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
+CVE-2018-16295 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
+CVE-2018-16294 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
+CVE-2018-16293 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
+CVE-2018-16292 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
+CVE-2018-16291 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
 CVE-2018-16290
 	RESERVED
 CVE-2018-16289
@@ -5021,8 +5063,8 @@ CVE-2018-15905
 	RESERVED
 CVE-2018-15904 (A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before ...)
 	NOT-FOR-US: A10 ACOS Web Application Firewall
-CVE-2018-15903
-	RESERVED
+CVE-2018-15903 (The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored ...)
+	TODO: check
 CVE-2018-15902
 	RESERVED
 CVE-2018-15901 (e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing ...)
@@ -6516,6 +6558,7 @@ CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in oxen
 	- xen <unfixed> (unimportant)
 	NOTE: https://xenbits.xen.org/xsa/advisory-272.html
 CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...)
+	{DSA-4313-1}
 	- linux 4.18.10-2
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-270.html
@@ -7574,8 +7617,8 @@ CVE-2018-14820
 	RESERVED
 CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read ...)
 	NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14818
-	RESERVED
+CVE-2018-14818 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
+	TODO: check
 CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14816
@@ -7590,8 +7633,8 @@ CVE-2018-14812
 	RESERVED
 CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer ...)
 	NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14810
-	RESERVED
+CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
+	TODO: check
 CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative users ...)
@@ -17836,7 +17879,7 @@ CVE-2018-10920 (Improper input validation bug in DNS resolver component of Knot
 	NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch)
 CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an ...)
-	{DSA-4271-1}
+	{DSA-4271-1 DLA-1539-1}
 	- samba 2:4.8.4+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2018-10919.html
 CVE-2018-10918 (A null pointer dereference flaw was found in the way samba checked ...)
@@ -18104,7 +18147,7 @@ CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypti
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
 	NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
 CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients processed ...)
-	{DSA-4271-1}
+	{DSA-4271-1 DLA-1539-1}
 	- samba 2:4.8.4+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
 CVE-2018-10857 (git-annex is vulnerable to a private data exposure and exfiltration ...)
@@ -33637,14 +33680,14 @@ CVE-2018-5404
 	RESERVED
 CVE-2018-5403
 	RESERVED
-CVE-2018-5402
-	RESERVED
-CVE-2018-5401
-	RESERVED
-CVE-2018-5400
-	RESERVED
-CVE-2018-5399
-	RESERVED
+CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
+	TODO: check
+CVE-2018-5401 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
+	TODO: check
+CVE-2018-5400 (The Auto-Maskin products utilize an undocumented custom protocol to ...)
+	TODO: check
+CVE-2018-5399 (The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear ...)
+	TODO: check
 CVE-2018-5398
 	RESERVED
 CVE-2018-5397
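Review bot: CVE-2018-5399 mentions Dropbear, and whoever clears its "TODO: check" should take care not to attribute it to the dropbear source package on the strength of that keyword. The visible description places the problem in the Auto-Maskin DCU 210E firmware ("contains an undocumented Dropbear ..."), so unless the full text describes a flaw in Dropbear itself, this entry and the other three Auto-Maskin entries in the hunk should be resolved against the product, not against a package.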
@@ -37262,18 +37305,18 @@ CVE-2018-3999 (An exploitable stack-based buffer overflow vulnerability exists i
 	TODO: check
 CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists in the ...)
 	TODO: check
-CVE-2018-3997
-	RESERVED
-CVE-2018-3996
-	RESERVED
+CVE-2018-3997 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
+CVE-2018-3996 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
 CVE-2018-3995 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	TODO: check
 CVE-2018-3994 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	TODO: check
 CVE-2018-3993 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	TODO: check
-CVE-2018-3992
-	RESERVED
+CVE-2018-3992 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
 CVE-2018-3991
 	RESERVED
 CVE-2018-3990
@@ -37366,18 +37409,18 @@ CVE-2018-3947
 	RESERVED
 CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	TODO: check
-CVE-2018-3945
-	RESERVED
+CVE-2018-3945 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
 CVE-2018-3944 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	TODO: check
 CVE-2018-3943 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	TODO: check
-CVE-2018-3942
-	RESERVED
-CVE-2018-3941
-	RESERVED
-CVE-2018-3940
-	RESERVED
+CVE-2018-3942 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
+CVE-2018-3941 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
+CVE-2018-3940 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
 CVE-2018-3939 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	NOT-FOR-US: Foxit
 CVE-2018-3938 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
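Review bot: CVE-2018-3945, CVE-2018-3942, CVE-2018-3941 and CVE-2018-3940 are added as "TODO: check" while CVE-2018-3939, in the trailing context with the same truncated description ("An exploitable use-after-free vulnerability exists in the JavaScript ..."), is already resolved as "NOT-FOR-US: Foxit". The truncation hides the product name, so this cannot be settled from the list alone. If the full descriptions name the same product, these four, along with the neighbouring CVE-2018-3946, CVE-2018-3944 and CVE-2018-3943 that are still TODO, should take the same NOT-FOR-US line.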
@@ -43523,16 +43566,16 @@ CVE-2018-1755 (IBM WebSphere Application Server Liberty could allow a remote att
 	NOT-FOR-US: IBM
 CVE-2018-1754
 	RESERVED
-CVE-2018-1753
-	RESERVED
+CVE-2018-1753 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error ...)
+	TODO: check
 CVE-2018-1752
 	RESERVED
 CVE-2018-1751
 	RESERVED
-CVE-2018-1750
-	RESERVED
-CVE-2018-1749
-	RESERVED
+CVE-2018-1750 (IBM Security Key Lifecycle Manager 3.0 specifies permissions for a ...)
+	TODO: check
+CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete ...)
+	TODO: check
 CVE-2018-1748
 	RESERVED
 CVE-2018-1747
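Review bot: CVE-2018-1753, CVE-2018-1750 and CVE-2018-1749 are added as "TODO: check" although each description starts with an IBM product name (Tivoli Key Lifecycle Manager, Security Key Lifecycle Manager) and the leading context already shows the convention for this vendor: CVE-2018-1755 is "NOT-FOR-US: IBM". Suggest resolving these three the same way so the block does not carry open TODOs for a case the list has already decided.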
@@ -43543,12 +43586,12 @@ CVE-2018-1745
 	RESERVED
 CVE-2018-1744
 	RESERVED
-CVE-2018-1743
-	RESERVED
-CVE-2018-1742
-	RESERVED
-CVE-2018-1741
-	RESERVED
+CVE-2018-1743 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive ...)
+	TODO: check
+CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded ...)
+	TODO: check
+CVE-2018-1741 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly ...)
+	TODO: check
 CVE-2018-1740
 	RESERVED
 CVE-2018-1739
@@ -106335,8 +106378,8 @@ CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11
 	NOTE: https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/
 CVE-2016-7476 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2016-7475
-	RESERVED
+CVE-2016-7475 (Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or ...)
+	TODO: check
 CVE-2016-7474 (In some cases the MCPD binary cache in F5 BIG-IP devices may allow a ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2016-7473
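Review bot: CVE-2016-7475 is set to "TODO: check" although its description names BIG-IP and both neighbours in the context, CVE-2016-7476 and CVE-2016-7474, are marked "NOT-FOR-US: F5 BIG-IP". Suggest using the same "NOT-FOR-US: F5 BIG-IP" line here once the full description is confirmed, so a 2016 entry does not reappear in the open TODO queue.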



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4c73413efc2111f67a46214b78f28b517f6b611
